1.4 Hashing

In part three of this video series, we will learn more about what hashing is and how it is used to ensure data integrity. We learned in part one of this tutorial about data integrity and that hashing ensures data integrity. But not all hash functions can ensure data integrity. Cryptographic hash functions are required for this purpose.
Cryptographic hash functions are basic building blocks in data security applications. Like any hash function, a cryptographic hash function is an algorithm that takes an arbitrary-length input called the message and generates a fixed-length output called the digest. The length of the digest or output depends on the hash function used. For example, with SHA-256, the digest is always 256 bits long, regardless of the length of the message or input.
The properties needed for a cryptographic hash function are as follows. It should be a deterministic function. That is, a cryptographic hash function should always generate the same digest for a given message. There will be no situation where the same message generates different digests.
A cryptographic hash function should be collision resistant, which means it is difficult to find two different messages that generate the same digest. Mathematically, a hash function cannot guarantee that a unique digest will always be generated for every possible message. A cryptographic hash function, however, should make it very difficult to find two messages that generate the same digest.
A cryptographic hash function should be a one way function. That is, the digest should not reveal any part of the original message, not even a small part of the message, or give any clues about the message.
Cryptographic hash functions are used extensively to validate the integrity of data by detecting whether the data has changed. To achieve data integrity, the sender appends the digest to the message before sending the message over the internet. The recipient calculates the digest of the message using the same hash function as the sender. If the digest calculated by the recipient matches the digest sent by the sender, then the data has not been modified over the internet.
Some of the commonly used cryptographic hash functions are MD5, or message-digest algorithm, which generates a 128-bit digest; SHA-1, or secure hash algorithm, which generates a 160-bit digest; and SHA-2, which consists of multiple hash functions that generate digests of varying lengths. For example, SHA-224, as the name suggests, generates a 224-bit digest, and SHA-256 generates a 256-bit digest.
Along with public key encryption, cryptographic hash functions are commonly used for digital signatures. A digital signature provides a way of verifying the authenticity of a digital message or file. Once a message is digitally signed, it provides a means for a receiver to authenticate that the message was generated by a known sender. After digitally signing a message, the sender cannot deny having sent the message, ensuring non-repudiation. A digital signature also provides a means to verify that the data has not been tampered with, and hence provides data integrity. Public key encryption, covered in part two of this video tutorial, is used to achieve authentication and non-repudiation. Hashing is used to achieve data integrity.
In a typical digital signature scheme, the sender, Bob, generates a digital signature for a message by running the message through a cryptographic hash function to generate a digest. This digest is then encrypted with Bob's private key. The resulting ciphertext is called the signature. The signature is attached to the message and sent over the internet.
On receiving this message and signature, the receiver, Alice, first decrypts the signature with Bob's public key to retrieve the digest. If the decryption is successful, it authenticates that the message and signature were sent by Bob. In the future, Bob cannot deny sending this message, as only Bob has the private key to encrypt this data.
Alice then generates a digest by running the message through the same cryptographic hash function that Bob used. If this digest matches the digest sent by Bob, it confirms that the message was not modified after leaving the source, Bob.
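The signing and verification steps described above, as an added Python example that is not part of the original tutorial. It uses unpadded textbook RSA with a constructed toy key so that the hash-then-private-key flow stays visible; the key constants and function names are assumptions for illustration, and real signatures use randomly generated keys and a padding scheme.

```python
import hashlib
import hmac

# Constructed toy key (assumption, illustration only): two known Mersenne primes.
# Real keys use random primes, and real signatures add padding such as RSA-PSS.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to Bob


def digest(message: bytes) -> bytes:
    """SHA-256 digest: always 32 bytes (256 bits), whatever the input length."""
    return hashlib.sha256(message).digest()


def sign(message: bytes) -> int:
    """Bob: hash the message, then transform the digest with the private key."""
    return pow(int.from_bytes(digest(message), "big"), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Alice: recover the digest with Bob's public key, rehash, and compare."""
    if not 0 <= signature < N:
        return False
    recovered = pow(signature, E, N)
    if recovered >= 2**256:
        # Not a valid 256-bit digest, so the signature was not made with Bob's key.
        return False
    # Constant-time comparison of the recovered digest and the recomputed one.
    return hmac.compare_digest(recovered.to_bytes(32, "big"), digest(message))


if __name__ == "__main__":
    msg = b"Transfer 100 to Alice"  # constructed sample message
    sig = sign(msg)
    print("original message verifies:", verify(msg, sig))
    print("modified message verifies:", verify(b"Transfer 900 to Alice", sig))
    print("altered signature verifies:", verify(msg, sig + 1))
```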
One of the common applications of digital signatures is to sign a TLS certificate that authenticates a server. We will cover TLS certificates and how they help in authenticating a server in more detail in part four of this tutorial.